d4Rk's 1337 h4x0r guide
About me
Search…
Introduction
Reconnaissance
Recon
OSINT
Enumeration
Network discovery
Port scanning
Webserver scanning
Exploit detection
Fuzzing
Process monitoring
Exploitation
Shells
Passwords
Web
Buffer overflow
Misc
Privilege escalation
Linux
Windows
Post exploitation
Loot
Pivoting
Standalone Tools
Services
TCP
UDP
Misc
File transfer
Overview
Wget
Pure-FTPd
TFTP
VBScript: Wget clone
Misc
Bash
Burp Suite
Crypto
Ebowla
Firefox extensions
Impacket
Memory forensics
Metasploit Framework (MSF)
MITM
Msfvenom
Pass the Hash (PTH)
PowerShell
PowerShell on Linux
Wireshark
Wordlists and dictionaries
Bug Bounty
Platforms
Tools
Powered By GitBook
Webserver scanning

Related

​TCP 80, 443: HTTP(S)​

Common wordlists

General
  • /usr/share/seclists/Discovery/Web-Content/common.txt
  • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
CGI
  • /usr/share/seclists/Discovery/Web-Content/CGIs.txt
SharePoint
  • /usr/share/wordlists/SecLists/Discovery/Web_Content/sharepoint.txt

gobuster

​GitHub - OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
1
gobuster dir -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e -o gobuster -t 50 -u <host>
Copied!

File extensions

IIS
1
-x 'asp, aspx, html, txt'
Copied!
Apache / nginx
1
-x 'php, cgi, jsp, html, txt'
Copied!

wfuzz

​GitHub - xmendez/wfuzz - Web application fuzzer
1
wfuzz -w <wordlist-file> —-hc 404 <host>/FUZZ/FUZ2Z
Copied!
1
wfuzz -c -w /usr/share/seclists/Discovery/Web-Content/common.txt --sh BBB <host>/file.php?param=FUZZ
Copied!

fuff

Fast web fuzzer written in Go. fuff​
Enumerate usernames
1
ffuf -w <wordlist-file> -X POST -d "email=FUZZ&password=x" -H "Content-Type: application/x-www-form-urlencoded" -u <url> -mr "email already exists"
Copied!
Brute force passwords
1
ffuf -w emails.txt:W1,<password-file>:W2 -X POST -d "email=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u <url> -fc 200
Copied!

nikto

​GitHub - sullo/nikto - Web server scanner
1
nikto -h <ip> -Format txt -o .
Copied!

dotdotpwn

​GitHub - wireghoul/dotdotpwn - The Directory Traversal Fuzzer
1
dotdotpwn -m http -h <ip> -f <file>
Copied!
1
dotdotpwn -m http-url -u http://<ip>/nav.php?page=TRAVERSAL -o unix -s -d 4 -k "root:" -f /etc/passwd
Copied!

dirb

​DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.
1
dirb <host> -o dirb
Copied!

DirBuster

​DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
1
dirbuster
Copied!

Web application firewall (WAF) detection

You can use wafw00f to detect web application firewalls (WAFs).
1
wafw00f <url>
Copied!

wappalyzer (firefox add-on)

See Firefox extensions​
Enumeration - Previous
Port scanning
Next - Enumeration
Exploit detection
Last modified 16d ago
Copy link
Edit on GitHub
Contents
Related
Common wordlists
gobuster
File extensions
wfuzz
fuff
nikto
dotdotpwn
dirb
DirBuster
Web application firewall (WAF) detection
wappalyzer (firefox add-on)